Solved Infected with Sirefef

Please re-run OTL and we'll remove Norton manually.
Just click on "Quick scan" button. No custom script needed.
Only one log will be produced.
 
OTL logfile created on: 6/29/2012 12:05:39 PM - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Ivana\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.97 Gb Available Physical Memory | 48.84% Memory free
4.21 Gb Paging File | 3.08 Gb Available in Paging File | 73.16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 224.80 Gb Total Space | 122.46 Gb Free Space | 54.48% Space Free | Partition Type: NTFS

Computer Name: EVERGREEN | User Name: Ivana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/28 19:21:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ivana\Desktop\OTL.exe
PRC - [2012/05/26 06:32:24 | 004,327,744 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Ivana\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/03/26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2011/09/30 16:33:24 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
PRC - [2011/09/08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe
PRC - [2011/09/08 17:48:34 | 003,281,272 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
PRC - [2011/09/08 17:48:34 | 001,485,176 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
PRC - [2011/09/08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe
PRC - [2011/07/29 13:45:56 | 000,217,256 | ---- | M] (Visicom Media Inc. (Powered by Panda Security)) -- C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
PRC - [2011/07/26 18:10:20 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010/08/31 23:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/04/10 23:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/21 12:31:46 | 001,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
PRC - [2008/01/04 20:56:52 | 003,572,592 | ---- | M] (Webroot Software, Inc.) -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
PRC - [2007/10/31 14:13:44 | 000,921,600 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
PRC - [2007/10/31 09:40:08 | 000,125,440 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe
PRC - [2007/10/30 12:04:08 | 001,804,840 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2007/10/30 12:04:08 | 000,748,072 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2007/10/12 17:29:56 | 000,045,056 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
PRC - [2007/09/20 11:05:10 | 000,550,776 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
PRC - [2007/09/19 12:09:58 | 000,311,296 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\ISB Utility\ISBMgr.exe
PRC - [2007/09/06 16:38:24 | 000,053,248 | ---- | M] (Sony Electronics, Inc.) -- C:\Program Files\Sony\VAIO Center Access Bar\VCAB.exe
PRC - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/08/28 17:27:12 | 000,131,072 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
PRC - [2007/08/28 17:27:10 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
PRC - [2007/08/14 21:05:18 | 000,100,472 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
PRC - [2007/06/28 09:52:48 | 000,274,432 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2007/06/15 12:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/03/05 13:27:32 | 000,474,808 | ---- | M] (Sony Corporation) -- C:\Users\Ivana\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe
PRC - [2007/01/09 21:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/16 17:18:19 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012/06/16 17:18:10 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012/05/20 14:25:33 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012/05/20 14:25:24 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2011/09/30 16:33:24 | 000,646,232 | ---- | M] () -- C:\Program Files\Bamboo Dock\BambooCore.exe
MOD - [2011/09/08 17:48:36 | 000,962,936 | ---- | M] () -- C:\Program Files\Tablet\Pen\libxml2.dll
MOD - [2011/07/26 18:10:20 | 003,077,528 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
MOD - [2010/08/31 23:39:28 | 000,095,528 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/08/31 23:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2007/10/30 11:57:58 | 000,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2007/10/30 11:44:52 | 000,393,216 | ---- | M] () -- C:\Windows\System32\btwhidcs.dll
MOD - [2007/09/19 17:04:28 | 000,249,856 | ---- | M] () -- C:\Windows\System32\igfxTMM.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/23 12:35:31 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/16 19:39:25 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/22 20:14:49 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012/03/26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/09/08 17:48:34 | 005,554,552 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2011/09/08 17:48:34 | 000,451,960 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Program Files\Tablet\Pen\Pen_TouchService.exe -- (TouchServicePen)
SRV - [2008/03/21 12:31:46 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008/01/19 00:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/04 20:56:52 | 003,572,592 | ---- | M] (Webroot Software, Inc.) [Auto | Running] -- C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe -- (WebrootSpySweeperService)
SRV - [2007/10/31 09:40:08 | 000,125,440 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files\ArcSoft\Magic-I Visual Effects\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/09/28 22:11:44 | 000,292,128 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2007/09/23 11:36:38 | 002,818,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/09/20 19:52:32 | 000,079,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe -- (VcmXmlIfHelper)
SRV - [2007/09/05 09:53:48 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/08/28 17:27:12 | 000,131,072 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe -- (VzFw)
SRV - [2007/08/28 17:27:10 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2007/08/14 21:05:18 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/08/09 00:51:32 | 000,499,712 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/08/09 00:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/08/09 00:51:30 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/08/09 00:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/08/09 00:51:30 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/06/28 09:53:04 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2007/06/28 09:52:48 | 000,274,432 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/01/31 13:11:42 | 002,975,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007/01/12 19:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2007/01/10 16:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/14 03:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 03:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 02:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/03/20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/12/19 21:19:38 | 000,010,872 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf001.sys -- (apf001)
DRV - [2010/10/11 12:19:36 | 000,016,240 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2010/10/11 12:19:28 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2010/10/11 12:19:26 | 000,014,120 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2009/05/13 11:41:02 | 000,121,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdm.sys -- (sscemdm)
DRV - [2009/05/13 11:41:02 | 000,090,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscebus.sys -- (sscebus) SAMSUNG USB Composite Device V2 driver (WDM)
DRV - [2009/05/13 11:41:02 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscemdfl.sys -- (sscemdfl)
DRV - [2008/05/08 18:05:36 | 000,026,112 | ---- | M] (NCH Swift Sound) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nchssvad.sys -- (NCHSSVAD)
DRV - [2008/05/01 08:11:45 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV - [2008/03/21 12:33:39 | 000,115,000 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008/01/04 20:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD)
DRV - [2008/01/04 20:34:34 | 000,163,696 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (SSIDRV)
DRV - [2008/01/04 20:34:34 | 000,021,872 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (SSHRMD)
DRV - [2008/01/04 20:34:34 | 000,020,336 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SSFS0BB9.sys -- (SSFS0BB9)
DRV - [2007/11/15 17:29:22 | 000,818,688 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/10/29 19:30:30 | 000,017,920 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV - [2007/10/16 17:01:59 | 000,073,472 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/10/16 17:01:59 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/09/26 13:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007/09/19 14:38:18 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2007/09/04 17:02:46 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/09/04 17:02:11 | 000,084,480 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007/08/28 18:58:45 | 000,009,344 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SFEP.sys -- (SFEP)
DRV - [2007/05/26 01:03:06 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2007/05/15 01:00:00 | 000,852,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070515.033\NAVEX15.SYS -- (NAVEX15)
DRV - [2007/05/15 01:00:00 | 000,077,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Symantec\Definitions\VirusDefs\20070515.033\NAVENG.SYS -- (NAVENG)
DRV - [2007/02/01 02:21:02 | 000,417,592 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2007/01/11 18:22:20 | 000,276,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\srtspl.sys -- (SRTSPL)
DRV - [2007/01/11 18:22:18 | 000,025,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\srtspx.sys -- (SRTSPX)
DRV - [2007/01/11 18:22:14 | 000,247,608 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\srtsp.sys -- (SRTSP)
DRV - [2007/01/09 14:32:14 | 000,191,544 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2007/01/09 14:32:14 | 000,027,576 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006/12/27 22:48:26 | 000,212,280 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20070108.003\IDSvix86.sys -- (IDSvix86)
DRV - [2004/04/13 19:20:08 | 000,015,781 | R--- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2001/05/07 03:56:02 | 000,019,805 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbio.sys -- (USBIO) USBIO Driver (usbio.sys)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{3B0B8EFF-3619-4856-A1EA-F5B3DAF4B5EA}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7;
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...putEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=63&bd=PAVILION&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = My Web Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultUrl = http://www.mywebsearch.com/jsp/cfg_.../barsearch.jhtml&st=sb&searchfor={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://sbc.yahoo.com/dsl
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{28F4A32B-116F-48fd-B4CE-4273852BB730}: "URL" = http://search.gphotoshow-toolbar.com/search?p=Q&ts=ne&w={searchTerms}&csrc=search-field
IE - HKCU\..\SearchScopes\{3B0B8EFF-3619-4856-A1EA-F5B3DAF4B5EA}: "URL" = http://search.aol.com/aolcom/search?query={searchTerms}&invocationType=sny_ie7;
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={sea...={outputEncoding}&sourceid=ie7&rlz=1I7GGIT_en
IE - HKCU\..\SearchScopes\{A5566DA7-69CA-43C1-AE1C-458F2F1BD036}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.serebii.net/index2.shtml"
FF - prefs.js..extensions.enabledItems:
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.10: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.0.0.1: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Ivana\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.7.1: C:\Users\Ivana\AppData\Local\Yahoo!\BrowserPlus\2.7.1\Plugins\npybrowserplus_2.7.1.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 19:39:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/15 16:32:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/16 19:39:26 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/15 16:32:45 | 000,000,000 | ---D | M]

[2008/06/17 20:36:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Extensions
[2012/06/27 11:28:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions
[2010/04/27 15:39:41 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/20 17:42:54 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/06/27 11:28:59 | 000,000,000 | ---D | M] ("I Want This") -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions\crossriderapp2258@crossrider.com
[2011/03/11 18:50:51 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\extensions\personas@christopher.beard
[2008/08/23 12:08:00 | 000,002,109 | ---- | M] () -- C:\Users\Ivana\AppData\Roaming\Mozilla\Firefox\Profiles\9mk8yxva.default\searchplugins\youtube-video-search.xml
[2012/06/06 10:53:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/20 11:15:56 | 000,459,683 | ---- | M] () (No name found) -- C:\USERS\IVANA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9MK8YXVA.DEFAULT\EXTENSIONS\NICOFOX@LITTLEBTC.XPI
[2012/06/16 19:39:26 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2010/01/13 15:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/03/15 01:29:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/15 01:29:43 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/28 18:56:01 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
O4 - HKLM..\Run: [Anti-phishing Domain Advisor] C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe (Visicom Media Inc. (Powered by Panda Security))
O4 - HKLM..\Run: [BambooCore] C:\Program Files\Bamboo Dock\BambooCore.exe ()
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TP CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe (Symantec Corporation)
O4 - HKLM..\Run: [VAIO Center Access Bar] c:\program files\sony\VAIO Center Access Bar\VCAB.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIO Help and Support Demo] C:\Program Files\Sony\VAIO Help and Support Demo\LaunchVHSD.exe ()
O4 - HKLM..\Run: [VAIORegistration] C:\Program Files\Sony\First Experience\WelcomeLauncher.exe (Sony Electronics, Inc.)
O4 - HKLM..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe ()
O4 - HKLM..\Run: [VWLASU] C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe (Sony Electronics, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Ivana\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VirtualExpander.lnk = C:\Users\Ivana\AppData\Local\Sony Corporation\VirtualExpander\VirtualExpander.exe (Sony Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} http://avatar.mabinogi.com:88/renderer/mabiweb.2009.4.9.cab (MabinogiWebAvatarRenderer Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABE3899E-4A54-402C-9350-879195F38C10}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E75B49DA-A45C-4BE5-ADB6-6407114BCFE2}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Ivana\Pictures\shrine.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ivana\Pictures\shrine.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========

[2012/06/28 23:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/06/28 22:59:47 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Ivana\Desktop\TFC.exe
[2012/06/28 22:32:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/28 19:21:21 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Ivana\Desktop\OTL.exe
[2012/06/28 19:07:33 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\temp
[2012/06/28 19:06:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/28 18:26:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/28 18:26:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/28 18:26:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/28 18:26:35 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012/06/28 18:26:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/28 18:20:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/28 18:16:08 | 004,566,027 | R--- | C] (Swearware) -- C:\Users\Ivana\Desktop\ComboFix.exe
[2012/06/28 18:14:49 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{E50FE989-A0F1-437A-9675-C31A45D47BA0}
[2012/06/28 18:14:34 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{AC8CEADA-6384-430C-8970-4314DF14E92B}
[2012/06/27 22:01:11 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/27 20:23:52 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Roaming\ImgBurn
[2012/06/27 20:21:40 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2012/06/27 20:21:40 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2012/06/27 18:51:59 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Roaming\Malwarebytes
[2012/06/27 18:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/27 18:51:54 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/06/27 18:51:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/27 18:51:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/27 14:26:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/27 14:21:11 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012/06/27 10:57:51 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{EFFC308C-1641-44F8-91C9-9D1036730AD1}
[2012/06/27 10:57:18 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{4335F55D-F831-46D6-87A2-E87E69A4ABB2}
[2012/06/26 11:27:34 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{05E95ED0-B361-46AF-8670-E409257F17E8}
[2012/06/25 11:43:18 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{23007D4A-7938-4BD3-9D4F-17EF5ACC580E}
[2012/06/24 11:45:21 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{C8E8E48E-8E4F-48C1-BD54-55C10DFA418C}
[2012/06/23 23:44:53 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{7214CC9D-F196-488E-8D09-A50209E412C6}
[2012/06/23 11:44:43 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{708631C6-0727-4A3E-B45E-45A7C4867CB6}
[2012/06/22 12:35:41 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/06/22 10:38:20 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{C2C48BDD-827A-4238-996C-C9595583BC28}
[2012/06/22 10:38:05 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{6C120788-9F69-4447-B9A2-E93432FC55DE}
[2012/06/21 19:09:36 | 000,000,000 | ---D | C] -- C:\Users\Ivana\Documents\My Received Files
[2012/06/21 18:02:45 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{BFEBE2A7-19C1-4F00-9B04-26F8C0D9B085}
[2012/06/21 18:02:33 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\{F8DDE8B3-92A0-468D-9B4D-827CC33C0CB7}
[2012/06/21 18:02:13 | 000,000,000 | ---D | C] -- C:\Users\Ivana\Tracing
[2012/06/21 17:55:54 | 000,000,000 | ---D | C] -- C:\Windows\en
[2012/06/21 17:42:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012/06/21 17:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012/06/21 16:19:20 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\FireAlpaca
[2012/06/21 15:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FireAlpaca
[2012/06/21 15:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\FireAlpaca
[2012/06/18 13:18:06 | 000,000,000 | ---D | C] -- C:\Users\Ivana\Desktop\Appsheets
[2012/06/16 12:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vectorian Giotto
[2012/06/16 12:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\Vectorian Inc
[2012/06/13 10:59:17 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Roaming\Skype
[2012/06/13 10:59:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/06/13 10:59:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/06/13 10:58:57 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012/06/13 10:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012/06/13 10:13:18 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\Macromedia
[2012/06/08 12:25:23 | 2433,958,760 | ---- | C] (Nexon) -- C:\Users\Ivana\Desktop\DragonNestSetupV140.exe
[2012/06/04 18:03:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\AI_RecycleBin
[2012/06/04 18:03:39 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\Procaster
[2012/06/04 18:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Livestream Procaster
[2012/06/04 18:03:37 | 000,000,000 | ---D | C] -- C:\Program Files\Livestream Procaster
[2012/06/04 12:31:36 | 000,000,000 | ---D | C] -- C:\Users\Ivana\AppData\Local\Unity

========== Files - Modified Within 30 Days ==========

[2012/06/29 12:08:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/29 11:58:18 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/29 11:55:52 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 11:55:52 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/29 11:55:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/29 11:55:41 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/29 01:52:16 | 000,001,842 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/06/29 01:34:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/28 22:59:49 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Ivana\Desktop\TFC.exe
[2012/06/28 22:59:24 | 000,340,645 | ---- | M] () -- C:\Users\Ivana\Desktop\FSS.exe
[2012/06/28 22:59:01 | 000,869,194 | ---- | M] () -- C:\Users\Ivana\Desktop\SecurityCheck.exe
[2012/06/28 19:21:22 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Ivana\Desktop\OTL.exe
[2012/06/28 18:56:01 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/06/28 18:16:15 | 004,566,027 | R--- | M] (Swearware) -- C:\Users\Ivana\Desktop\ComboFix.exe
[2012/06/27 18:54:32 | 000,001,356 | ---- | M] () -- C:\Users\Ivana\AppData\Local\d3d9caps.dat
[2012/06/27 14:27:41 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/27 14:26:58 | 000,598,096 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/06/27 14:26:58 | 000,105,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/06/27 13:16:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012/06/26 20:12:29 | 000,059,136 | ---- | M] () -- C:\Users\Ivana\Desktop\Doom (2) (48000 Hz).mp3
[2012/06/26 17:05:08 | 000,215,247 | ---- | M] () -- C:\Users\Ivana\Desktop\Photo0569.jpg
[2012/06/26 17:05:08 | 000,018,563 | ---- | M] () -- C:\Users\Ivana\.recently-used.xbel
[2012/06/26 16:44:14 | 001,233,629 | ---- | M] () -- C:\Users\Ivana\Desktop\forest_path_anime_background_by_wbd-d3l83r9.jpg
[2012/06/26 15:09:27 | 000,474,129 | ---- | M] () -- C:\Users\Ivana\Desktop\Anime_Style_Beach_Background_by_wbd.jpg
[2012/06/21 15:58:25 | 000,000,974 | ---- | M] () -- C:\Users\Public\Desktop\FireAlpaca.lnk
[2012/06/17 15:41:39 | 000,030,835 | ---- | M] () -- C:\Users\Ivana\Desktop\5565eefb8ec44845_1338622384.jpg
[2012/06/17 15:19:08 | 000,131,068 | ---- | M] () -- C:\Users\Ivana\Desktop\27890042_p10.jpg
[2012/06/16 17:16:20 | 000,668,760 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/13 10:59:02 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/08 17:21:14 | 000,000,175 | ---- | M] () -- C:\Users\Public\Desktop\DragonNest.url
[2012/06/08 17:14:00 | 2433,958,760 | ---- | M] (Nexon) -- C:\Users\Ivana\Desktop\DragonNestSetupV140.exe
[2012/06/06 10:54:11 | 000,000,900 | ---- | M] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk

========== Files Created - No Company Name ==========

[2012/06/28 22:59:23 | 000,340,645 | ---- | C] () -- C:\Users\Ivana\Desktop\FSS.exe
[2012/06/28 22:58:49 | 000,869,194 | ---- | C] () -- C:\Users\Ivana\Desktop\SecurityCheck.exe
[2012/06/28 18:26:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/28 18:26:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/28 18:26:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/28 18:26:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/28 18:26:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/28 18:09:20 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2012/06/27 20:21:40 | 000,001,685 | ---- | C] () -- C:\Users\Ivana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2012/06/27 14:27:08 | 000,001,831 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/26 22:01:55 | 000,215,247 | ---- | C] () -- C:\Users\Ivana\Desktop\Photo0569.jpg
[2012/06/26 20:12:25 | 000,059,136 | ---- | C] () -- C:\Users\Ivana\Desktop\Doom (2) (48000 Hz).mp3
[2012/06/26 17:05:08 | 000,018,563 | ---- | C] () -- C:\Users\Ivana\.recently-used.xbel
[2012/06/26 16:43:53 | 001,233,629 | ---- | C] () -- C:\Users\Ivana\Desktop\forest_path_anime_background_by_wbd-d3l83r9.jpg
[2012/06/26 15:08:48 | 000,474,129 | ---- | C] () -- C:\Users\Ivana\Desktop\Anime_Style_Beach_Background_by_wbd.jpg
[2012/06/21 17:50:56 | 000,002,030 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2012/06/21 15:58:25 | 000,000,974 | ---- | C] () -- C:\Users\Public\Desktop\FireAlpaca.lnk
[2012/06/17 15:41:37 | 000,030,835 | ---- | C] () -- C:\Users\Ivana\Desktop\5565eefb8ec44845_1338622384.jpg
[2012/06/17 15:18:52 | 000,131,068 | ---- | C] () -- C:\Users\Ivana\Desktop\27890042_p10.jpg
[2012/06/13 10:59:02 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/06/04 18:03:43 | 000,000,900 | ---- | C] () -- C:\Users\Public\Desktop\Livestream Procaster.lnk
[2011/12/19 21:19:38 | 000,012,920 | ---- | C] () -- C:\Windows\System32\apl001.sys
[2011/12/19 21:19:38 | 000,010,872 | ---- | C] () -- C:\Windows\System32\apf001.sys
[2011/09/08 18:34:17 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2011/08/20 14:04:10 | 000,004,296 | ---- | C] () -- C:\Windows\checkip.dat
[2010/11/20 23:26:16 | 000,000,067 | ---- | C] () -- C:\Windows\Star Video Converter.INI
[2009/11/15 16:35:54 | 000,002,292 | ---- | C] () -- C:\Users\Ivana\AppData\Roaming\ASSDraw3.cfg
[2009/03/16 21:18:16 | 000,001,356 | ---- | C] () -- C:\Users\Ivana\AppData\Local\d3d9caps.dat
[2008/05/16 18:29:41 | 000,032,256 | ---- | C] () -- C:\Users\Ivana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/04/27 18:48:27 | 000,000,552 | ---- | C] () -- C:\Users\Ivana\AppData\Local\d3d8caps.dat
[2008/04/19 17:26:05 | 000,001,232 | RHS- | C] () -- C:\Users\Ivana\ntuser.pol

========== LOP Check ==========

[2008/06/17 20:54:12 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\acccore
[2010/11/19 18:13:14 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Aegisub
[2009/12/07 21:17:20 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\AnvSoft
[2012/06/16 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Audacity
[2009/11/15 17:38:09 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\avidemux
[2011/11/13 14:29:00 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Design Science
[2012/06/22 19:05:40 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\gtk-2.0
[2012/06/27 20:48:49 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\ImgBurn
[2008/05/08 18:05:33 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\NCH Swift Sound
[2010/04/10 18:47:35 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\NetMedia Providers
[2008/04/30 00:46:01 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Nexon
[2010/02/07 16:58:57 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Publish Providers
[2010/06/21 15:29:18 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Sakura
[2010/09/25 19:11:24 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Samsung
[2011/08/15 14:16:04 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\ShanghaiAlice
[2010/04/10 18:46:38 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Sony
[2010/09/14 20:31:50 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\SYSTEMAX Software Development
[2011/12/20 15:39:08 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\SystemRequirementsLab
[2010/07/24 14:01:27 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Titanium
[2011/06/08 10:19:10 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\Wacom
[2011/06/08 10:19:12 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
[2010/11/20 17:03:57 | 000,000,000 | ---D | M] -- C:\Users\Ivana\AppData\Roaming\WinFF
[2012/06/29 01:52:33 | 000,032,646 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >
 
Unless you installed Viewpoint Manager knowledgeably...
Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
Uninstall any of the following programs associated with Viewpoint:
* Viewpoint Manager
* Viewpoint Media Player
* Viewpoint Toolbar
This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOl, AIM, Compuserve, etc.

Next.....

Run the fix listed below from Safe Mode.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    PRC - [2008/03/21 12:31:46 | 001,174,664 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2007/01/09 21:59:52 | 000,115,816 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    PRC - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    SRV - [2008/03/21 12:31:46 | 001,174,664 | ---- | M] (Symantec Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2007/01/31 13:11:42 | 002,975,352 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
    SRV - [2007/01/12 19:40:58 | 000,049,248 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
    SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
    SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
    SRV - [2007/01/09 21:59:32 | 000,108,648 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
    O2 - BHO: (Reg Error: Value error.) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll (Symantec Corporation)
    O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll (Symantec Corporation)
    O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
    O4 - HKLM..\Run: [TP CfgWiz] C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SymCuw.exe (Symantec Corporation)
    
    
    :Services
    
    :Reg
    
    :Files
    C:\Program Files\Common Files\Symantec Shared
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
Removed Viewpoint and ran OTL fix. Here is the log.
--

All processes killed
========== OTL ==========
No active process named symlcsvc.exe was found!
No active process named ccApp.exe was found!
No active process named ccSvcHst.exe was found!
Service Symantec Core LC stopped successfully!
Service Symantec Core LC deleted successfully!
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe moved successfully.
Service LiveUpdate stopped successfully!
Service LiveUpdate deleted successfully!
C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE moved successfully.
Service comHost stopped successfully!
Service comHost deleted successfully!
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe moved successfully.
Service CLTNetCnService stopped successfully!
Service CLTNetCnService deleted successfully!
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe moved successfully.
Service ccSetMgr stopped successfully!
Service ccSetMgr deleted successfully!
File C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe not found.
Service ccEvtMgr stopped successfully!
Service ccEvtMgr deleted successfully!
File C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\ deleted successfully.
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{90222687-F593-4738-B738-FBEE9C7B26DF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{90222687-F593-4738-B738-FBEE9C7B26DF}\ deleted successfully.
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ccApp deleted successfully.
C:\Program Files\Common Files\Symantec Shared\ccApp.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TP CfgWiz deleted successfully.
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\SYMCUW.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\Common Files\Symantec Shared\VAScanner folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymTheme folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_2_0_10\Support\Reporter folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_2_0_10\Support folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymSetup\{2D617065-1C52-4240-B5BC-C0AE12157777}_1_2_0_10 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymSetup folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymHTML\1.0 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SymHTML folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\Support Controls folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SRTSP folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SPManifests folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\SPBBC folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\Security Center folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF} folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\OPC folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\NPC folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\NHelp folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\MSL folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\MceAddIn folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\IDS folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\Help folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\Firewall folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\coShared\WP\1.5 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\coShared\WP folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\coShared\WA folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\coShared\Common\1.5 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\coShared\Common folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5 folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\coShared\Browser folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\coShared folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\COH folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\Cleanup folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\CF\Manifests folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\CF folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\CCPD-LC folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\AppCore folder moved successfully.
C:\Program Files\Common Files\Symantec Shared\AntiVirus folder moved successfully.
C:\Program Files\Common Files\Symantec Shared folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eric Yu
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ivana
->Temp folder emptied: 736779 bytes
->Temporary Internet Files folder emptied: 33246256 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 700 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5450 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 32.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Eric Yu

User: Guest

User: Ivana
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Eric Yu
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Ivana
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06292012_123238
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Do NOT post JavaRa log.

=====================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Updated Java, removed old Java, and ran OTL fix. I'll run the Cleanup now and do the remaining steps after my PC reboots.
--

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eric Yu
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Ivana
->Temp folder emptied: 563136 bytes
->Temporary Internet Files folder emptied: 33180791 bytes
->Java cache emptied: 2027 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 1211 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3116 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 32.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Eric Yu
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Ivana
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Eric Yu

User: Guest

User: Ivana
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.53.0 log created on 06292012_131035
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 
Everything else is done, although I think I'll use CCleaner instead of TFS.
Thank you very much for your help, Broni! My computer is running well again! :D
 
Way to go!!
p4193510.gif

Good luck and stay safe :)
 
Back